Edit the new configuration files (for example, myhost.mc), as necessary.

For example, add the following command line to enable domain masquerading.

# cat myhost.mc
..
MASQUERADE_AS(`host.domain')

host.domain

Use the desired host name and domain name.

In this example, MASQUERADE_AS causes sent mail to be labeled as originating from
host.domain, rather than $j.

Build the configuration file by using m4.

# make myhost.cf

Test the new configuration file by using the -C option to specify the
new file.

# /usr/lib/sendmail -Cmyhost.cf -v testaddr </dev/null

While this command displays messages, it sends a message to testaddr. Only
outgoing mail can be tested without restarting the sendmail service on the system.
For systems that are not handling mail yet, use the full testing procedure
in How to Test the Mail Configuration.

Install the new configuration file after making a copy of the original.

Setting Up a Virtual Host

If you need to assign more than one IP address to a host,
see this Web site: http://www.sendmail.org/tips/virtualHosting. This site provides complete instructions about how
to use sendmail to set up a virtual host. However, in the
“Sendmail Configuration” section, do not perform step 3b, as shown in the following.

After you have generated your /etc/mail/sendmail.cf file, you can continue with the next
steps to create a virtual user table.

How to Automatically Rebuild a Configuration File

If you have built your own copy of sendmail.cf or submit.cf, the
configuration file is not replaced during the upgrade process. The following procedure shows
how to configure the sendmail service properties so that the sendmail.cf file is automatically
rebuilt for you. For instructions on how to automatically build the submit.cf configuration
file, see Example 13-1. You may combine these procedures if you need to build
both files.

How to Use sendmail in the Open Mode

The sendmail service has been changed so that it runs in local-only
mode by default. In local-only mode, only mail from the local
host is accepted. Messages from any other systems are rejected. Earlier releases were configured
to accept incoming mail from all remote systems, which is known as the
open mode. To use the open mode, use the following procedure.

Caution - Running sendmail in the local-only mode is much more secure than running in
the open mode. Make sure that you are aware of the potential security
risks if you follow this procedure.

How to Set SMTP to Use TLS

SMTP can use Transport Layer Security (TLS) in version 8.13 of sendmail. For
SMTP servers and clients, this service provides private, authenticated communications over the Internet,
as well as protection from eavesdroppers and attackers. Note that this service is
not enabled by default.

Use your preferred text editor to change the dir value in the openssl.cnf
file from /etc/sfw/openssl to /etc/mail/certs/CA.

Use the openssl command-line tool to implement TLS.

Note that the following command line generates interactive text.

# openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 \
-config openssl.cnf
Generating a 1024 bit RSA private key
.....................................++++++
.....................................++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:California
Locality Name (eg, city) []:Menlo Park
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:Oracle
Organizational Unit Name (eg, section) []:Solaris
Common Name (eg, YOUR name) []:somehost.somedomain.example.com
Email Address []:someuser@example.com

req

This command creates and processes certificate requests.

-new

This req option generates a new certificate request.

-x509

This req option creates a self-signed certificate.

-keyout private/cakey.pem

This req option enables you to assign private/cakey.pem as the file name for your newly created private key.

-out cacert.pem

This req option enables you to assign cacert.pem as your output file.

-days 365

This req option enables you to certify the certificate for 365 days. The default value is 30.

-config openssl.cnf

This req option enables you to specify openssl.cnf as the configuration file.

Note that this command requires that you provide the following:

Country Name, such as US.

State or Province Name, such as California.

Locality Name, such as Menlo Park.

Organization Name, such as Oracle.

Organizational Unit Name, such as Solaris.

Common Name, which is the machine's fully qualified host name. For more information, see the check-hostname(1M) man page.

Email Address, such as someuser@example.com.

(Optional) If you need a new secure connection, make a new certificate and sign
the new certificate with the certificate authority.

Make a new certificate.

# cd /etc/mail/certs/CA
# openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 365 \
-config openssl.cnf
Generating a 1024 bit RSA private key
..............++++++
..............++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:US
State or Province Name (full name) []:California
Locality Name (eg, city) []:Menlo Park
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:Oracle
Organizational Unit Name (eg, section) []:Solaris
Common Name (eg, YOUR name) []:somehost.somedomain.example.com
Email Address []:someuser@example.com

This command requires that you provide the same information that you provided in
step 3c.

Note that in this example, the certificate and private key are in the
file newreq.pem.
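
The following check is an added example, not part of the original procedure or of any Oracle tooling. It audits a combined file such as newreq.pem for key size, Common Name, expiry, key and certificate match, and file permissions; the 2048-bit and 30-day thresholds and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original procedure): audit a PEM file that holds
# a certificate and its unencrypted private key, as newreq.pem does.
MIN_BITS=${MIN_BITS:-2048}   # assumed policy floor; the sample output shows 1024
MIN_DAYS=${MIN_DAYS:-30}     # assumed renewal window, in days

# Print the certificate's public-key size in bits.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Print the subject Common Name.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Succeed only if the private key in the file belongs to the certificate in it.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if group and other have no access to the file.
key_file_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_pem FILE FQDN: print one line per finding, return the number of findings.
audit_pem() {
    n=0
    bits=$(cert_bits "$1")
    [ "${bits:-0}" -ge "$MIN_BITS" ] || { echo "weak key: ${bits:-?} bits"; n=$((n+1)); }
    [ "$(cert_cn "$1")" = "$2" ] || { echo "CN is not $2"; n=$((n+1)); }
    openssl x509 -in "$1" -noout -checkend $((MIN_DAYS*86400)) >/dev/null ||
        { echo "expires within $MIN_DAYS days"; n=$((n+1)); }
    key_matches_cert "$1" || { echo "key does not match certificate"; n=$((n+1)); }
    key_file_private "$1" || { echo "file is accessible to group or other"; n=$((n+1)); }
    return "$n"
}

# Run only when arguments are given: sh audit.sh newreq.pem host.example.com
if [ $# -ge 2 ]; then audit_pem "$1" "$2"; fi
```

A file created with -nodes holds the private key unencrypted, so the permission check matters most for newreq.pem.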

How to Manage Mail Delivery by Using an Alternate Configuration of sendmail.cf

To facilitate the transport of inbound mail and outbound mail, the new default
configuration of sendmail uses a daemon and a client queue runner. The client
queue runner must be able to submit mail to the daemon on the
local SMTP port. If the daemon is not listening on the SMTP port,
the mail remains in the queue. To avoid this problem, perform the following
task. For more information about the daemon and client queue runner and to
understand why you might have to use this alternate configuration, refer to submit.cf Configuration File From Version 8.12 of sendmail.

This procedure ensures that your daemon runs only to accept connections from the
local host.